xref: /illumos-gate/usr/src/cmd/sendmail/src/usersmtp.c (revision e9af4bc0)

/*
 * Copyright (c) 1998-2006, 2008, 2009 Sendmail, Inc. and its suppliers.
 *	All rights reserved.
 * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
 * Copyright (c) 1988, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * By using this file, you agree to the terms and conditions set
 * forth in the LICENSE file which can be found at the top level of
 * the sendmail distribution.
 *
 */

#include <sendmail.h>

SM_RCSID("@(#)$Id: usersmtp.c,v 8.473 2009/06/17 17:26:51 ca Exp $")

#include <sysexits.h>


static void	esmtp_check __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
static void	helo_options __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
static int	smtprcptstat __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *));

#if SASL
extern void	*sm_sasl_malloc __P((unsigned long));
extern void	sm_sasl_free __P((void *));
#endif /* SASL */

/*
**  USERSMTP -- run SMTP protocol from the user end.
**
**	This protocol is described in RFC821.
*/

#define REPLYCLASS(r)	(((r) / 10) % 10)	/* second digit of reply code */
#define SMTPCLOSING	421			/* "Service Shutting Down" */

#define ENHSCN(e, d)	((e) == NULL ? (d) : (e))

#define ENHSCN_RPOOL(e, d, rpool) \
	((e) == NULL ? (d) : sm_rpool_strdup_x(rpool, e))

static char	SmtpMsgBuffer[MAXLINE];		/* buffer for commands */
static char	SmtpReplyBuffer[MAXLINE];	/* buffer for replies */
static bool	SmtpNeedIntro;		/* need "while talking" in transcript */
/*
**  SMTPINIT -- initialize SMTP.
**
**	Opens the connection and sends the initial protocol.
**
**	Parameters:
**		m -- mailer to create connection to.
**		mci -- the mailer connection info.
**		e -- the envelope.
**		onlyhelo -- send only helo command?
**
**	Returns:
**		none.
**
**	Side Effects:
**		creates connection and sends initial protocol.
*/

void
smtpinit(m, mci, e, onlyhelo)
	MAILER *m;
	register MCI *mci;
	ENVELOPE *e;
	bool onlyhelo;
{
	register int r;
	int state;
	register char *p;
	register char *hn;
	char *enhsc;

	enhsc = NULL;
	if (tTd(18, 1))
	{
		sm_dprintf("smtpinit ");
		mci_dump(sm_debug_file(), mci, false);
	}

	/*
	**  Open the connection to the mailer.
	*/

	SmtpError[0] = '\0';
	SmtpMsgBuffer[0] = '\0';
	CurHostName = mci->mci_host;		/* XXX UGLY XXX */
	if (CurHostName == NULL)
		CurHostName = MyHostName;
	SmtpNeedIntro = true;
	state = mci->mci_state;
	switch (state)
	{
	  case MCIS_MAIL:
	  case MCIS_RCPT:
	  case MCIS_DATA:
		/* need to clear old information */
		smtprset(m, mci, e);
		/* FALLTHROUGH */

	  case MCIS_OPEN:
		if (!onlyhelo)
			return;
		break;

	  case MCIS_ERROR:
	  case MCIS_QUITING:
	  case MCIS_SSD:
		/* shouldn't happen */
		smtpquit(m, mci, e);
		/* FALLTHROUGH */

	  case MCIS_CLOSED:
		syserr("451 4.4.0 smtpinit: state CLOSED (was %d)", state);
		return;

	  case MCIS_OPENING:
		break;
	}
	if (onlyhelo)
		goto helo;

	mci->mci_state = MCIS_OPENING;
	clrsessenvelope(e);

	/*
	**  Get the greeting message.
	**	This should appear spontaneously.  Give it five minutes to
	**	happen.
	*/

	SmtpPhase = mci->mci_phase = "client greeting";
	sm_setproctitle(true, e, "%s %s: %s",
			qid_printname(e), CurHostName, mci->mci_phase);
	r = reply(m, mci, e, TimeOuts.to_initial, esmtp_check, NULL,
		XS_DEFAULT);
	if (r < 0)
		goto tempfail1;
	if (REPLYTYPE(r) == 4)
		goto tempfail2;
	if (REPLYTYPE(r) != 2)
		goto unavailable;

	/*
	**  Send the HELO command.
	**	My mother taught me to always introduce myself.
	*/

helo:
	if (bitnset(M_ESMTP, m->m_flags) || bitnset(M_LMTP, m->m_flags))
		mci->mci_flags |= MCIF_ESMTP;
	hn = mci->mci_heloname ? mci->mci_heloname : MyHostName;

tryhelo:
#if _FFR_IGNORE_EXT_ON_HELO
	mci->mci_flags &= ~MCIF_HELO;
#endif /* _FFR_IGNORE_EXT_ON_HELO */
	if (bitnset(M_LMTP, m->m_flags))
	{
		smtpmessage("LHLO %s", m, mci, hn);
		SmtpPhase = mci->mci_phase = "client LHLO";
	}
	else if (bitset(MCIF_ESMTP, mci->mci_flags) &&
		 !bitnset(M_FSMTP, m->m_flags))
	{
		smtpmessage("EHLO %s", m, mci, hn);
		SmtpPhase = mci->mci_phase = "client EHLO";
	}
	else
	{
		smtpmessage("HELO %s", m, mci, hn);
		SmtpPhase = mci->mci_phase = "client HELO";
#if _FFR_IGNORE_EXT_ON_HELO
		mci->mci_flags |= MCIF_HELO;
#endif /* _FFR_IGNORE_EXT_ON_HELO */
	}
	sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
			CurHostName, mci->mci_phase);
	r = reply(m, mci, e,
		  bitnset(M_LMTP, m->m_flags) ? TimeOuts.to_lhlo
					      : TimeOuts.to_helo,
		  helo_options, NULL, XS_DEFAULT);
	if (r < 0)
		goto tempfail1;
	else if (REPLYTYPE(r) == 5)
	{
		if (bitset(MCIF_ESMTP, mci->mci_flags) &&
		    !bitnset(M_LMTP, m->m_flags))
		{
			/* try old SMTP instead */
			mci->mci_flags &= ~MCIF_ESMTP;
			goto tryhelo;
		}
		goto unavailable;
	}
	else if (REPLYTYPE(r) != 2)
		goto tempfail2;

	/*
	**  Check to see if we actually ended up talking to ourself.
	**  This means we didn't know about an alias or MX, or we managed
	**  to connect to an echo server.
	*/

	p = strchr(&SmtpReplyBuffer[4], ' ');
	if (p != NULL)
		*p = '\0';
	if (!bitnset(M_NOLOOPCHECK, m->m_flags) &&
	    !bitnset(M_LMTP, m->m_flags) &&
	    sm_strcasecmp(&SmtpReplyBuffer[4], MyHostName) == 0)
	{
		syserr("553 5.3.5 %s config error: mail loops back to me (MX problem?)",
			CurHostName);
		mci_setstat(mci, EX_CONFIG, "5.3.5",
			    "553 5.3.5 system config error");
		mci->mci_errno = 0;
		smtpquit(m, mci, e);
		return;
	}

	/*
	**  If this is expected to be another sendmail, send some internal
	**  commands.
	**  If we're running as MSP, "propagate" -v flag if possible.
	*/

	if ((UseMSP && Verbose && bitset(MCIF_VERB, mci->mci_flags))
# if !_FFR_DEPRECATE_MAILER_FLAG_I
	    || bitnset(M_INTERNAL, m->m_flags)
# endif /* !_FFR_DEPRECATE_MAILER_FLAG_I */
	   )
	{
		/* tell it to be verbose */
		smtpmessage("VERB", m, mci);
		r = reply(m, mci, e, TimeOuts.to_miscshort, NULL, &enhsc,
			XS_DEFAULT);
		if (r < 0)
			goto tempfail1;
	}

	if (mci->mci_state != MCIS_CLOSED)
	{
		mci->mci_state = MCIS_OPEN;
		return;
	}

	/* got a 421 error code during startup */

  tempfail1:
	mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.4.2"), NULL);
	if (mci->mci_state != MCIS_CLOSED)
		smtpquit(m, mci, e);
	return;

  tempfail2:
	/* XXX should use code from other end iff ENHANCEDSTATUSCODES */
	mci_setstat(mci, EX_TEMPFAIL, ENHSCN(enhsc, "4.5.0"),
		    SmtpReplyBuffer);
	if (mci->mci_state != MCIS_CLOSED)
		smtpquit(m, mci, e);
	return;

  unavailable:
	mci_setstat(mci, EX_UNAVAILABLE, "5.5.0", SmtpReplyBuffer);
	smtpquit(m, mci, e);
	return;
}
/*
**  ESMTP_CHECK -- check to see if this implementation likes ESMTP protocol
**
**	Parameters:
**		line -- the response line.
**		firstline -- set if this is the first line of the reply.
**		m -- the mailer.
**		mci -- the mailer connection info.
**		e -- the envelope.
**
**	Returns:
**		none.
*/

static void
esmtp_check(line, firstline, m, mci, e)
	char *line;
	bool firstline;
	MAILER *m;
	register MCI *mci;
	ENVELOPE *e;
{
	if (strstr(line, "ESMTP") != NULL)
		mci->mci_flags |= MCIF_ESMTP;

	/*
	**  Dirty hack below. Quoting the author:
	**  This was a response to people who wanted SMTP transmission to be
	**  just-send-8 by default.  Essentially, you could put this tag into
	**  your greeting message to behave as though the F=8 flag was set on
	**  the mailer.
	*/

	if (strstr(line, "8BIT-OK") != NULL)
		mci->mci_flags |= MCIF_8BITOK;
}

#if SASL
/* specify prototype so compiler can check calls */
static char *str_union __P((char *, char *, SM_RPOOL_T *));

/*
**  STR_UNION -- create the union of two lists
**
**	Parameters:
**		s1, s2 -- lists of items (separated by single blanks).
**		rpool -- resource pool from which result is allocated.
**
**	Returns:
**		the union of both lists.
*/

static char *
str_union(s1, s2, rpool)
	char *s1, *s2;
	SM_RPOOL_T *rpool;
{
	char *hr, *h1, *h, *res;
	int l1, l2, rl;

	if (s1 == NULL || *s1 == '\0')
		return s2;
	if (s2 == NULL || *s2 == '\0')
		return s1;
	l1 = strlen(s1);
	l2 = strlen(s2);
	rl = l1 + l2;
	res = (char *) sm_rpool_malloc(rpool, rl + 2);
	if (res == NULL)
	{
		if (l1 > l2)
			return s1;
		return s2;
	}
	(void) sm_strlcpy(res, s1, rl);
	hr = res + l1;
	h1 = s2;
	h = s2;

	/* walk through s2 */
	while (h != NULL && *h1 != '\0')
	{
		/* is there something after the current word? */
		if ((h = strchr(h1, ' ')) != NULL)
			*h = '\0';
		l1 = strlen(h1);

		/* does the current word appear in s1 ? */
		if (iteminlist(h1, s1, " ") == NULL)
		{
			/* add space as delimiter */
			*hr++ = ' ';

			/* copy the item */
			memcpy(hr, h1, l1);

			/* advance pointer in result list */
			hr += l1;
			*hr = '\0';
		}
		if (h != NULL)
		{
			/* there are more items */
			*h = ' ';
			h1 = h + 1;
		}
	}
	return res;
}
#endif /* SASL */

/*
**  HELO_OPTIONS -- process the options on a HELO line.
**
**	Parameters:
**		line -- the response line.
**		firstline -- set if this is the first line of the reply.
**		m -- the mailer.
**		mci -- the mailer connection info.
**		e -- the envelope (unused).
**
**	Returns:
**		none.
*/

static void
helo_options(line, firstline, m, mci, e)
	char *line;
	bool firstline;
	MAILER *m;
	register MCI *mci;
	ENVELOPE *e;
{
	register char *p;
#if _FFR_IGNORE_EXT_ON_HELO
	static bool logged = false;
#endif /* _FFR_IGNORE_EXT_ON_HELO */

	if (firstline)
	{
#if SASL
		mci->mci_saslcap = NULL;
#endif /* SASL */
#if _FFR_IGNORE_EXT_ON_HELO
		logged = false;
#endif /* _FFR_IGNORE_EXT_ON_HELO */
		return;
	}
#if _FFR_IGNORE_EXT_ON_HELO
	else if (bitset(MCIF_HELO, mci->mci_flags))
	{
		if (LogLevel > 8 && !logged)
		{
			sm_syslog(LOG_WARNING, NOQID,
				  "server=%s [%s] returned extensions despite HELO command",
				  macvalue(macid("{server_name}"), e),
				  macvalue(macid("{server_addr}"), e));
			logged = true;
		}
		return;
	}
#endif /* _FFR_IGNORE_EXT_ON_HELO */

	if (strlen(line) < 5)
		return;
	line += 4;
	p = strpbrk(line, " =");
	if (p != NULL)
		*p++ = '\0';
	if (sm_strcasecmp(line, "size") == 0)
	{
		mci->mci_flags |= MCIF_SIZE;
		if (p != NULL)
			mci->mci_maxsize = atol(p);
	}
	else if (sm_strcasecmp(line, "8bitmime") == 0)
	{
		mci->mci_flags |= MCIF_8BITMIME;
		mci->mci_flags &= ~MCIF_7BIT;
	}
	else if (sm_strcasecmp(line, "expn") == 0)
		mci->mci_flags |= MCIF_EXPN;
	else if (sm_strcasecmp(line, "dsn") == 0)
		mci->mci_flags |= MCIF_DSN;
	else if (sm_strcasecmp(line, "enhancedstatuscodes") == 0)
		mci->mci_flags |= MCIF_ENHSTAT;
	else if (sm_strcasecmp(line, "pipelining") == 0)
		mci->mci_flags |= MCIF_PIPELINED;
	else if (sm_strcasecmp(line, "verb") == 0)
		mci->mci_flags |= MCIF_VERB;
#if STARTTLS
	else if (sm_strcasecmp(line, "starttls") == 0)
		mci->mci_flags |= MCIF_TLS;
#endif /* STARTTLS */
	else if (sm_strcasecmp(line, "deliverby") == 0)
	{
		mci->mci_flags |= MCIF_DLVR_BY;
		if (p != NULL)
			mci->mci_min_by = atol(p);
	}
#if SASL
	else if (sm_strcasecmp(line, "auth") == 0)
	{
		if (p != NULL && *p != '\0')
		{
			if (mci->mci_saslcap != NULL)
			{
				/*
				**  Create the union with previous auth
				**  offerings because we recognize "auth "
				**  and "auth=" (old format).
				*/

				mci->mci_saslcap = str_union(mci->mci_saslcap,
							     p, mci->mci_rpool);
				mci->mci_flags |= MCIF_AUTH;
			}
			else
			{
				int l;

				l = strlen(p) + 1;
				mci->mci_saslcap = (char *)
					sm_rpool_malloc(mci->mci_rpool, l);
				if (mci->mci_saslcap != NULL)
				{
					(void) sm_strlcpy(mci->mci_saslcap, p,
							  l);
					mci->mci_flags |= MCIF_AUTH;
				}
			}
		}
	}
#endif /* SASL */
}
#if SASL

static int getsimple	__P((void *, int, const char **, unsigned *));
static int getsecret	__P((sasl_conn_t *, void *, int, sasl_secret_t **));
static int saslgetrealm	__P((void *, int, const char **, const char **));
static int readauth	__P((char *, bool, SASL_AI_T *m, SM_RPOOL_T *));
static int getauth	__P((MCI *, ENVELOPE *, SASL_AI_T *));
static char *removemech	__P((char *, char *, SM_RPOOL_T *));
static int attemptauth	__P((MAILER *, MCI *, ENVELOPE *, SASL_AI_T *));

static sasl_callback_t callbacks[] =
{
	{	SASL_CB_GETREALM,	&saslgetrealm,	NULL	},
#define CB_GETREALM_IDX	0
	{	SASL_CB_PASS,		&getsecret,	NULL	},
#define CB_PASS_IDX	1
	{	SASL_CB_USER,		&getsimple,	NULL	},
#define CB_USER_IDX	2
	{	SASL_CB_AUTHNAME,	&getsimple,	NULL	},
#define CB_AUTHNAME_IDX	3
	{	SASL_CB_VERIFYFILE,	&safesaslfile,	NULL	},
#define CB_SAFESASL_IDX	4
	{	SASL_CB_LIST_END,	NULL,		NULL	}
};

/*
**  INIT_SASL_CLIENT -- initialize client side of Cyrus-SASL
**
**	Parameters:
**		none.
**
**	Returns:
**		SASL_OK -- if successful.
**		SASL error code -- otherwise.
**
**	Side Effects:
**		checks/sets sasl_clt_init.
**
**	Note:
**	Callbacks are ignored if sasl_client_init() has
**	been called before (by a library such as libnss_ldap)
*/

static bool sasl_clt_init = false;

static int
init_sasl_client()
{
	int result;

	if (sasl_clt_init)
		return SASL_OK;
	result = sasl_client_init(callbacks);

	/* should we retry later again or just remember that it failed? */
	if (result == SASL_OK)
		sasl_clt_init = true;
	return result;
}
/*
**  STOP_SASL_CLIENT -- shutdown client side of Cyrus-SASL
**
**	Parameters:
**		none.
**
**	Returns:
**		none.
**
**	Side Effects:
**		checks/sets sasl_clt_init.
*/

void
stop_sasl_client()
{
	if (!sasl_clt_init)
		return;
	sasl_clt_init = false;
	sasl_done();
}
/*
**  GETSASLDATA -- process the challenges from the SASL protocol
**
**	This gets the relevant sasl response data out of the reply
**	from the server.
**
**	Parameters:
**		line -- the response line.
**		firstline -- set if this is the first line of the reply.
**		m -- the mailer.
**		mci -- the mailer connection info.
**		e -- the envelope (unused).
**
**	Returns:
**		none.
*/

static void getsasldata __P((char *, bool, MAILER *, MCI *, ENVELOPE *));

static void
getsasldata(line, firstline, m, mci, e)
	char *line;
	bool firstline;
	MAILER *m;
	register MCI *mci;
	ENVELOPE *e;
{
	int len;
	int result;
# if SASL < 20000
	char *out;
# endif /* SASL < 20000 */

	/* if not a continue we don't care about it */
	len = strlen(line);
	if ((len <= 4) ||
	    (line[0] != '3') ||
	     !isascii(line[1]) || !isdigit(line[1]) ||
	     !isascii(line[2]) || !isdigit(line[2]))
	{
		SM_FREE_CLR(mci->mci_sasl_string);
		return;
	}

	/* forget about "334 " */
	line += 4;
	len -= 4;
# if SASL >= 20000
	/* XXX put this into a macro/function? It's duplicated below */
	if (mci->mci_sasl_string != NULL)
	{
		if (mci->mci_sasl_string_len <= len)
		{
			sm_free(mci->mci_sasl_string); /* XXX */
			mci->mci_sasl_string = xalloc(len + 1);
		}
	}
	else
		mci->mci_sasl_string = xalloc(len + 1);

	result = sasl_decode64(line, len, mci->mci_sasl_string, len + 1,
			       (unsigned int *) &mci->mci_sasl_string_len);
	if (result != SASL_OK)
	{
		mci->mci_sasl_string_len = 0;
		*mci->mci_sasl_string = '\0';
	}
# else /* SASL >= 20000 */
	out = (char *) sm_rpool_malloc_x(mci->mci_rpool, len + 1);
	result = sasl_decode64(line, len, out, (unsigned int *) &len);
	if (result != SASL_OK)
	{
		len = 0;
		*out = '\0';
	}

	/*
	**  mci_sasl_string is "shared" with Cyrus-SASL library; hence
	**	it can't be in an rpool unless we use the same memory
	**	management mechanism (with same rpool!) for Cyrus SASL.
	*/

	if (mci->mci_sasl_string != NULL)
	{
		if (mci->mci_sasl_string_len <= len)
		{
			sm_free(mci->mci_sasl_string); /* XXX */
			mci->mci_sasl_string = xalloc(len + 1);
		}
	}
	else
		mci->mci_sasl_string = xalloc(len + 1);

	memcpy(mci->mci_sasl_string, out, len);
	mci->mci_sasl_string[len] = '\0';
	mci->mci_sasl_string_len = len;
# endif /* SASL >= 20000 */
	return;
}
/*
**  READAUTH -- read auth values from a file
**
**	Parameters:
**		filename -- name of file to read.
**		safe -- if set, this is a safe read.
**		sai -- where to store auth_info.
**		rpool -- resource pool for sai.
**
**	Returns:
**		EX_OK -- data succesfully read.
**		EX_UNAVAILABLE -- no valid filename.
**		EX_TEMPFAIL -- temporary failure.
*/

static char *sasl_info_name[] =
{
	"user id",
	"authentication id",
	"password",
	"realm",
	"mechlist"
};
static int
readauth(filename, safe, sai, rpool)
	char *filename;
	bool safe;
	SASL_AI_T *sai;
	SM_RPOOL_T *rpool;
{
	SM_FILE_T *f;
	long sff;
	pid_t pid;
	int lc;
	char *s;
	char buf[MAXLINE];

	if (filename == NULL || filename[0] == '\0')
		return EX_UNAVAILABLE;

#if !_FFR_ALLOW_SASLINFO
	/*
	**  make sure we don't use a program that is not
	**  accesible to the user who specified a different authinfo file.
	**  However, currently we don't pass this info (authinfo file
	**  specified by user) around, so we just turn off program access.
	*/

	if (filename[0] == '|')
	{
		auto int fd;
		int i;
		char *p;
		char *argv[MAXPV + 1];

		i = 0;
		for (p = strtok(&filename[1], " \t"); p != NULL;
		     p = strtok(NULL, " \t"))
		{
			if (i >= MAXPV)
				break;
			argv[i++] = p;
		}
		argv[i] = NULL;
		pid = prog_open(argv, &fd, CurEnv);
		if (pid < 0)
			f = NULL;
		else
			f = sm_io_open(SmFtStdiofd, SM_TIME_DEFAULT,
				       (void *) &fd, SM_IO_RDONLY, NULL);
	}
	else
#endif /* !_FFR_ALLOW_SASLINFO */
	{
		pid = -1;
		sff = SFF_REGONLY|SFF_SAFEDIRPATH|SFF_NOWLINK
		      |SFF_NOGWFILES|SFF_NOWWFILES|SFF_NOWRFILES;
# if _FFR_GROUPREADABLEAUTHINFOFILE
		if (!bitnset(DBS_GROUPREADABLEAUTHINFOFILE, DontBlameSendmail))
# endif /* _FFR_GROUPREADABLEAUTHINFOFILE */
			sff |= SFF_NOGRFILES;
		if (DontLockReadFiles)
			sff |= SFF_NOLOCK;

#if _FFR_ALLOW_SASLINFO
		/*
		**  XXX: make sure we don't read or open files that are not
		**  accesible to the user who specified a different authinfo
		**  file.
		*/

		sff |= SFF_MUSTOWN;
#else /* _FFR_ALLOW_SASLINFO */
		if (safe)
			sff |= SFF_OPENASROOT;
#endif /* _FFR_ALLOW_SASLINFO */

		f = safefopen(filename, O_RDONLY, 0, sff);
	}
	if (f == NULL)
	{
		if (LogLevel > 5)
			sm_syslog(LOG_ERR, NOQID,
				  "AUTH=client, error: can't open %s: %s",
				  filename, sm_errstring(errno));
		return EX_TEMPFAIL;
	}

	lc = 0;
	while (lc <= SASL_MECHLIST &&
		sm_io_fgets(f, SM_TIME_DEFAULT, buf, sizeof(buf)) != NULL)
	{
		if (buf[0] != '#')
		{
			(*sai)[lc] = sm_rpool_strdup_x(rpool, buf);
			if ((s = strchr((*sai)[lc], '\n')) != NULL)
				*s = '\0';
			lc++;
		}
	}

	(void) sm_io_close(f, SM_TIME_DEFAULT);
	if (pid > 0)
		(void) waitfor(pid);
	if (lc < SASL_PASSWORD)
	{
		if (LogLevel > 8)
			sm_syslog(LOG_ERR, NOQID,
				  "AUTH=client, error: can't read %s from %s",
				  sasl_info_name[lc + 1], filename);
		return EX_TEMPFAIL;
	}
	return EX_OK;
}

/*
**  GETAUTH -- get authinfo from ruleset call
**
**	{server_name}, {server_addr} must be set
**
**	Parameters:
**		mci -- the mailer connection structure.
**		e -- the envelope (including the sender to specify).
**		sai -- pointer to authinfo (result).
**
**	Returns:
**		EX_OK -- ruleset was succesfully called, data may not
**			be available, sai must be checked.
**		EX_UNAVAILABLE -- ruleset unavailable (or failed).
**		EX_TEMPFAIL -- temporary failure (from ruleset).
**
**	Side Effects:
**		Fills in sai if successful.
*/

static int
getauth(mci, e, sai)
	MCI *mci;
	ENVELOPE *e;
	SASL_AI_T *sai;
{
	int i, r, l, got, ret;
	char **pvp;
	char pvpbuf[PSBUFSIZE];

	r = rscap("authinfo", macvalue(macid("{server_name}"), e),
		   macvalue(macid("{server_addr}"), e), e,
		   &pvp, pvpbuf, sizeof(pvpbuf));

	if (r != EX_OK)
		return EX_UNAVAILABLE;

	/* other than expected return value: ok (i.e., no auth) */
	if (pvp == NULL || pvp[0] == NULL || (pvp[0][0] & 0377) != CANONNET)
		return EX_OK;
	if (pvp[1] != NULL && sm_strncasecmp(pvp[1], "temp", 4) == 0)
		return EX_TEMPFAIL;

	/*
	**  parse the data, put it into sai
	**  format: "TDstring" (including the '"' !)
	**  where T is a tag: 'U', ...
	**  D is a delimiter: ':' or '='
	*/

	ret = EX_OK;	/* default return value */
	i = 0;
	got = 0;
	while (i < SASL_ENTRIES)
	{
		if (pvp[i + 1] == NULL)
			break;
		if (pvp[i + 1][0] != '"')
			break;
		switch (pvp[i + 1][1])
		{
		  case 'U':
		  case 'u':
			r = SASL_USER;
			break;
		  case 'I':
		  case 'i':
			r = SASL_AUTHID;
			break;
		  case 'P':
		  case 'p':
			r = SASL_PASSWORD;
			break;
		  case 'R':
		  case 'r':
			r = SASL_DEFREALM;
			break;
		  case 'M':
		  case 'm':
			r = SASL_MECHLIST;
			break;
		  default:
			goto fail;
		}
		l = strlen(pvp[i + 1]);

		/* check syntax */
		if (l <= 3 || pvp[i + 1][l - 1] != '"')
			goto fail;

		/* remove closing quote */
		pvp[i + 1][l - 1] = '\0';

		/* remove "TD and " */
		l -= 4;
		(*sai)[r] = (char *) sm_rpool_malloc(mci->mci_rpool, l + 1);
		if ((*sai)[r] == NULL)
			goto tempfail;
		if (pvp[i + 1][2] == ':')
		{
			/* ':text' (just copy) */
			(void) sm_strlcpy((*sai)[r], pvp[i + 1] + 3, l + 1);
			got |= 1 << r;
		}
		else if (pvp[i + 1][2] == '=')
		{
			unsigned int len;

			/* '=base64' (decode) */
# if SASL >= 20000
			ret = sasl_decode64(pvp[i + 1] + 3,
					  (unsigned int) l, (*sai)[r],
					  (unsigned int) l + 1, &len);
# else /* SASL >= 20000 */
			ret = sasl_decode64(pvp[i + 1] + 3,
					  (unsigned int) l, (*sai)[r], &len);
# endif /* SASL >= 20000 */
			if (ret != SASL_OK)
				goto fail;
			got |= 1 << r;
		}
		else
			goto fail;
		if (tTd(95, 5))
			sm_syslog(LOG_DEBUG, NOQID, "getauth %s=%s",
				  sasl_info_name[r], (*sai)[r]);
		++i;
	}

	/* did we get the expected data? */
	/* XXX: EXTERNAL mechanism only requires (and only uses) SASL_USER */
	if (!(bitset(SASL_USER_BIT|SASL_AUTHID_BIT, got) &&
	      bitset(SASL_PASSWORD_BIT, got)))
		goto fail;

	/* no authid? copy uid */
	if (!bitset(SASL_AUTHID_BIT, got))
	{
		l = strlen((*sai)[SASL_USER]) + 1;
		(*sai)[SASL_AUTHID] = (char *) sm_rpool_malloc(mci->mci_rpool,
							       l + 1);
		if ((*sai)[SASL_AUTHID] == NULL)
			goto tempfail;
		(void) sm_strlcpy((*sai)[SASL_AUTHID], (*sai)[SASL_USER], l);
	}

	/* no uid? copy authid */
	if (!bitset(SASL_USER_BIT, got))
	{
		l = strlen((*sai)[SASL_AUTHID]) + 1;
		(*sai)[SASL_USER] = (char *) sm_rpool_malloc(mci->mci_rpool,
							     l + 1);
		if ((*sai)[SASL_USER] == NULL)
			goto tempfail;
		(void) sm_strlcpy((*sai)[SASL_USER], (*sai)[SASL_AUTHID], l);
	}
	return EX_OK;

  tempfail:
	ret = EX_TEMPFAIL;
  fail:
	if (LogLevel > 8)
		sm_syslog(LOG_WARNING, NOQID,
			  "AUTH=client, relay=%.64s [%.16s], authinfo %sfailed",
			  macvalue(macid("{server_name}"), e),
			  macvalue(macid("{server_addr}"), e),
			  ret == EX_TEMPFAIL ? "temp" : "");
	for (i = 0; i <= SASL_MECHLIST; i++)
		(*sai)[i] = NULL;	/* just clear; rpool */
	return ret;
}

# if SASL >= 20000
/*
**  GETSIMPLE -- callback to get userid or authid
**
**	Parameters:
**		context -- sai
**		id -- what to do
**		result -- (pointer to) result
**		len -- (pointer to) length of result
**
**	Returns:
**		OK/failure values
*/

static int
getsimple(context, id, result, len)
	void *context;
	int id;
	const char **result;
	unsigned *len;
{
	SASL_AI_T *sai;

	if (result == NULL || context == NULL)
		return SASL_BADPARAM;
	sai = (SASL_AI_T *) context;

	switch (id)
	{
	  case SASL_CB_USER:
		*result = (*sai)[SASL_USER];
		if (tTd(95, 5))
			sm_syslog(LOG_DEBUG, NOQID, "AUTH username '%s'",
				  *result);
		if (len != NULL)
			*len = *result != NULL ? strlen(*result) : 0;
		break;

	  case SASL_CB_AUTHNAME:
		*result = (*sai)[SASL_AUTHID];
		if (tTd(95, 5))
			sm_syslog(LOG_DEBUG, NOQID, "AUTH authid '%s'",
				  *result);
		if (len != NULL)
			*len = *result != NULL ? strlen(*result) : 0;
		break;

	  case SASL_CB_LANGUAGE:
		*result = NULL;
		if (len != NULL)
			*len = 0;
		break;

	  default:
		return SASL_BADPARAM;
	}
	return SASL_OK;
}
/*
**  GETSECRET -- callback to get password
**
**	Parameters:
**		conn -- connection information
**		context -- sai
**		id -- what to do
**		psecret -- (pointer to) result
**
**	Returns:
**		OK/failure values
*/

static int
getsecret(conn, context, id, psecret)
	sasl_conn_t *conn;
	SM_UNUSED(void *context);
	int id;
	sasl_secret_t **psecret;
{
	int len;
	char *authpass;
	MCI *mci;

	if (conn == NULL || psecret == NULL || id != SASL_CB_PASS)
		return SASL_BADPARAM;

	mci = (MCI *) context;
	authpass = mci->mci_sai[SASL_PASSWORD];
	len = strlen(authpass);

	/*
	**  use an rpool because we are responsible for free()ing the secret,
	**  but we can't free() it until after the auth completes
	*/

	*psecret = (sasl_secret_t *) sm_rpool_malloc(mci->mci_rpool,
						     sizeof(sasl_secret_t) +
						     len + 1);
	if (*psecret == NULL)
		return SASL_FAIL;
	(void) sm_strlcpy((char *) (*psecret)->data, authpass, len + 1);
	(*psecret)->len = (unsigned long) len;
	return SASL_OK;
}
# else /* SASL >= 20000 */
/*
**  GETSIMPLE -- callback to get userid or authid
**
**	Parameters:
**		context -- sai
**		id -- what to do
**		result -- (pointer to) result
**		len -- (pointer to) length of result
**
**	Returns:
**		OK/failure values
*/

static int
getsimple(context, id, result, len)
	void *context;
	int id;
	const char **result;
	unsigned *len;
{
	char *h, *s;
# if SASL > 10509
	bool addrealm;
# endif /* SASL > 10509 */
	size_t l;
	SASL_AI_T *sai;
	char *authid = NULL;

	if (result == NULL || context == NULL)
		return SASL_BADPARAM;
	sai = (SASL_AI_T *) context;

	/*
	**  Unfortunately it is not clear whether this routine should
	**  return a copy of a string or just a pointer to a string.
	**  The Cyrus-SASL plugins treat these return values differently, e.g.,
	**  plugins/cram.c free()s authid, plugings/digestmd5.c does not.
	**  The best solution to this problem is to fix Cyrus-SASL, but it
	**  seems there is nobody who creates patches... Hello CMU!?
	**  The second best solution is to have flags that tell this routine
	**  whether to return an malloc()ed copy.
	**  The next best solution is to always return an malloc()ed copy,
	**  and suffer from some memory leak, which is ugly for persistent
	**  queue runners.
	**  For now we go with the last solution...
	**  We can't use rpools (which would avoid this particular problem)
	**  as explained in sasl.c.
	*/

	switch (id)
	{
	  case SASL_CB_USER:
		l = strlen((*sai)[SASL_USER]) + 1;
		s = sm_sasl_malloc(l);
		if (s == NULL)
		{
			if (len != NULL)
				*len = 0;
			*result = NULL;
			return SASL_NOMEM;
		}
		(void) sm_strlcpy(s, (*sai)[SASL_USER], l);
		*result = s;
		if (tTd(95, 5))
			sm_syslog(LOG_DEBUG, NOQID, "AUTH username '%s'",
				  *result);
		if (len != NULL)
			*len = *result != NULL ? strlen(*result) : 0;
		break;

	  case SASL_CB_AUTHNAME:
		h = (*sai)[SASL_AUTHID];
# if SASL > 10509
		/* XXX maybe other mechanisms too?! */
		addrealm = (*sai)[SASL_MECH] != NULL &&
			   sm_strcasecmp((*sai)[SASL_MECH], "CRAM-MD5") == 0;

		/*
		**  Add realm to authentication id unless authid contains
		**  '@' (i.e., a realm) or the default realm is empty.
		*/

		if (addrealm && h != NULL && strchr(h, '@') == NULL)
		{
			/* has this been done before? */
			if ((*sai)[SASL_ID_REALM] == NULL)
			{
				char *realm;

				realm = (*sai)[SASL_DEFREALM];

				/* do not add an empty realm */
				if (*realm == '\0')
				{
					authid = h;
					(*sai)[SASL_ID_REALM] = NULL;
				}
				else
				{
					l = strlen(h) + strlen(realm) + 2;

					/* should use rpool, but from where? */
					authid = sm_sasl_malloc(l);
					if (authid != NULL)
					{
						(void) sm_snprintf(authid, l,
								  "%s@%s",
								   h, realm);
						(*sai)[SASL_ID_REALM] = authid;
					}
					else
					{
						authid = h;
						(*sai)[SASL_ID_REALM] = NULL;
					}
				}
			}
			else
				authid = (*sai)[SASL_ID_REALM];
		}
		else
# endif /* SASL > 10509 */
			authid = h;
		l = strlen(authid) + 1;
		s = sm_sasl_malloc(l);
		if (s == NULL)
		{
			if (len != NULL)
				*len = 0;
			*result = NULL;
			return SASL_NOMEM;
		}
		(void) sm_strlcpy(s, authid, l);
		*result = s;
		if (tTd(95, 5))
			sm_syslog(LOG_DEBUG, NOQID, "AUTH authid '%s'",
				  *result);
		if (len != NULL)
			*len = authid ? strlen(authid) : 0;
		break;

	  case SASL_CB_LANGUAGE:
		*result = NULL;
		if (len != NULL)
			*len = 0;
		break;

	  default:
		return SASL_BADPARAM;
	}
	return SASL_OK;
}
/*
**  GETSECRET -- callback to get password
**
**	Parameters:
**		conn -- connection information
**		context -- sai
**		id -- what to do
**		psecret -- (pointer to) result
**
**	Returns:
**		OK/failure values
*/

static int
getsecret(conn, context, id, psecret)
	sasl_conn_t *conn;
	SM_UNUSED(void *context);
	int id;
	sasl_secret_t **psecret;
{
	int len;
	char *authpass;
	SASL_AI_T *sai;

	if (conn == NULL || psecret == NULL || id != SASL_CB_PASS)
		return SASL_BADPARAM;

	sai = (SASL_AI_T *) context;
	authpass = (*sai)[SASL_PASSWORD];
	len = strlen(authpass);
	*psecret = (sasl_secret_t *) sm_sasl_malloc(sizeof(sasl_secret_t) +
						    len + 1);
	if (*psecret == NULL)
		return SASL_FAIL;
	(void) sm_strlcpy((*psecret)->data, authpass, len + 1);
	(*psecret)->len = (unsigned long) len;
	return SASL_OK;
}
# endif /* SASL >= 20000 */

/*
**  SAFESASLFILE -- callback for sasl: is file safe?
**
**	Parameters:
**		context -- pointer to context between invocations (unused)
**		file -- name of file to check
**		type -- type of file to check
**
**	Returns:
**		SASL_OK -- file can be used
**		SASL_CONTINUE -- don't use file
**		SASL_FAIL -- failure (not used here)
**
*/

int
#if SASL > 10515
safesaslfile(context, file, type)
#else /* SASL > 10515 */
safesaslfile(context, file)
#endif /* SASL > 10515 */
	void *context;
# if SASL >= 20000
	const char *file;
# else /* SASL >= 20000 */
	char *file;
# endif /* SASL >= 20000 */
#if SASL > 10515
# if SASL >= 20000
	sasl_verify_type_t type;
# else /* SASL >= 20000 */
	int type;
# endif /* SASL >= 20000 */
#endif /* SASL > 10515 */
{
	long sff;
	int r;
#if SASL <= 10515
	size_t len;
#endif /* SASL <= 10515 */
	char *p;

	if (file == NULL || *file == '\0')
		return SASL_OK;
	sff = SFF_SAFEDIRPATH|SFF_NOWLINK|SFF_NOWWFILES|SFF_ROOTOK;
#if SASL <= 10515
	if ((p = strrchr(file, '/')) == NULL)
		p = file;
	else
		++p;

	/* everything beside libs and .conf files must not be readable */
	len = strlen(p);
	if ((len <= 3 || strncmp(p, "lib", 3) != 0) &&
	    (len <= 5 || strncmp(p + len - 5, ".conf", 5) != 0))
	{
		if (!bitnset(DBS_GROUPREADABLESASLDBFILE, DontBlameSendmail))
			sff |= SFF_NORFILES;
		if (!bitnset(DBS_GROUPWRITABLESASLDBFILE, DontBlameSendmail))
			sff |= SFF_NOGWFILES;
	}
#else /* SASL <= 10515 */
	/* files containing passwords should be not readable */
	if (type == SASL_VRFY_PASSWD)
	{
		if (bitnset(DBS_GROUPREADABLESASLDBFILE, DontBlameSendmail))
			sff |= SFF_NOWRFILES;
		else
			sff |= SFF_NORFILES;
		if (!bitnset(DBS_GROUPWRITABLESASLDBFILE, DontBlameSendmail))
			sff |= SFF_NOGWFILES;
	}
#endif /* SASL <= 10515 */

	p = (char *) file;
	if ((r = safefile(p, RunAsUid, RunAsGid, RunAsUserName, sff,
			  S_IRUSR, NULL)) == 0)
		return SASL_OK;
	if (LogLevel > (r != ENOENT ? 8 : 10))
		sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s",
			  p, sm_errstring(r));
	return SASL_CONTINUE;
}

/*
**  SASLGETREALM -- return the realm for SASL
**
**	return the realm for the client
**
**	Parameters:
**		context -- context shared between invocations
**		availrealms -- list of available realms
**			{realm, realm, ...}
**		result -- pointer to result
**
**	Returns:
**		failure/success
*/

static int
saslgetrealm(context, id, availrealms, result)
	void *context;
	int id;
	const char **availrealms;
	const char **result;
{
	char *r;
	SASL_AI_T *sai;

	sai = (SASL_AI_T *) context;
	if (sai == NULL)
		return SASL_FAIL;
	r = (*sai)[SASL_DEFREALM];

	if (LogLevel > 12)
		sm_syslog(LOG_INFO, NOQID,
			  "AUTH=client, realm=%s, available realms=%s",
			  r == NULL ? "<No Realm>" : r,
			  (availrealms == NULL || *availrealms == NULL)
				? "<No Realms>" : *availrealms);

	/* check whether context is in list */
	if (availrealms != NULL && *availrealms != NULL)
	{
		if (iteminlist(context, (char *)(*availrealms + 1), " ,}") ==
		    NULL)
		{
			if (LogLevel > 8)
				sm_syslog(LOG_ERR, NOQID,
					  "AUTH=client, realm=%s not in list=%s",
					  r, *availrealms);
			return SASL_FAIL;
		}
	}
	*result = r;
	return SASL_OK;
}
/*
**  ITEMINLIST -- does item appear in list?
**
**	Check whether item appears in list (which must be separated by a
**	character in delim) as a "word", i.e. it must appear at the begin
**	of the list or after a space, and it must end with a space or the
**	end of the list.
**
**	Parameters:
**		item -- item to search.
**		list -- list of items.
**		delim -- list of delimiters.
**
**	Returns:
**		pointer to occurrence (NULL if not found).
*/

char *
iteminlist(item, list, delim)
	char *item;
	char *list;
	char *delim;
{
	char *s;
	int len;

	if (list == NULL || *list == '\0')
		return NULL;
	if (item == NULL || *item == '\0')
		return NULL;
	s = list;
	len = strlen(item);
	while (s != NULL && *s != '\0')
	{
		if (sm_strncasecmp(s, item, len) == 0 &&
		    (s[len] == '\0' || strchr(delim, s[len]) != NULL))
			return s;
		s = strpbrk(s, delim);
		if (s != NULL)
			while (*++s == ' ')
				continue;
	}
	return NULL;
}
/*
**  REMOVEMECH -- remove item [rem] from list [list]
**
**	Parameters:
**		rem -- item to remove
**		list -- list of items
**		rpool -- resource pool from which result is allocated.
**
**	Returns:
**		pointer to new list (NULL in case of error).
*/

static char *
removemech(rem, list, rpool)
	char *rem;
	char *list;
	SM_RPOOL_T *rpool;
{
	char *ret;
	char *needle;
	int len;

	if (list == NULL)
		return NULL;
	if (rem == NULL || *rem == '\0')
	{
		/* take out what? */
		return NULL;
	}

	/* find the item in the list */
	if ((needle = iteminlist(rem, list, " ")) == NULL)
	{
		/* not in there: return original */
		return list;
	}

	/* length of string without rem */
	len = strlen(list) - strlen(rem);
	if (len <= 0)
	{
		ret = (char *) sm_rpool_malloc_x(rpool, 1);
		*ret = '\0';
		return ret;
	}
	ret = (char *) sm_rpool_malloc_x(rpool, len);
	memset(ret, '\0', len);

	/* copy from start to removed item */
	memcpy(ret, list, needle - list);

	/* length of rest of string past removed item */
	len = strlen(needle) - strlen(rem) - 1;
	if (len > 0)
	{
		/* not last item -- copy into string */
		memcpy(ret + (needle - list),
		       list + (needle - list) + strlen(rem) + 1,
		       len);
	}
	else
		ret[(needle - list) - 1] = '\0';
	return ret;
}
/*
**  ATTEMPTAUTH -- try to AUTHenticate using one mechanism
**
**	Parameters:
**		m -- the mailer.
**		mci -- the mailer connection structure.
**		e -- the envelope (including the sender to specify).
**		sai - sasl authinfo
**
**	Returns:
**		EX_OK -- authentication was successful.
**		EX_NOPERM -- authentication failed.
**		EX_IOERR -- authentication dialogue failed (I/O problem?).
**		EX_TEMPFAIL -- temporary failure.
**
*/

static int
attemptauth(m, mci, e, sai)
	MAILER *m;
	MCI *mci;
	ENVELOPE *e;
	SASL_AI_T *sai;
{
	int saslresult, smtpresult;
# if SASL >= 20000
	sasl_ssf_t ssf;
	const char *auth_id;
	const char *out;
# else /* SASL >= 20000 */
	sasl_external_properties_t ssf;
	char *out;
# endif /* SASL >= 20000 */
	unsigned int outlen;
	sasl_interact_t *client_interact = NULL;
	char *mechusing;
	sasl_security_properties_t ssp;

	/* MUST NOT be a multiple of 4: bug in some sasl_encode64() versions */
	char in64[MAXOUTLEN + 1];
#if NETINET || (NETINET6 && SASL >= 20000)
	extern SOCKADDR CurHostAddr;
#endif /* NETINET || (NETINET6 && SASL >= 20000) */

	/* no mechanism selected (yet) */
	(*sai)[SASL_MECH] = NULL;

	/* dispose old connection */
	if (mci->mci_conn != NULL)
		sasl_dispose(&(mci->mci_conn));

	/* make a new client sasl connection */
# if SASL >= 20000
	/*
	**  We provide the callbacks again because global callbacks in
	**  sasl_client_init() are ignored if SASL has been initialized
	**  before, for example, by a library such as libnss-ldap.
	*/

	saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp"
								 : "smtp",
				     CurHostName, NULL, NULL, callbacks, 0,
				     &mci->mci_conn);
# else /* SASL >= 20000 */
	saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp"
								 : "smtp",
				     CurHostName, NULL, 0, &mci->mci_conn);
# endif /* SASL >= 20000 */
	if (saslresult != SASL_OK)
		return EX_TEMPFAIL;

	/* set properties */
	(void) memset(&ssp, '\0', sizeof(ssp));

	/* XXX should these be options settable via .cf ? */
	{
		ssp.max_ssf = MaxSLBits;
		ssp.maxbufsize = MAXOUTLEN;
#  if 0
		ssp.security_flags = SASL_SEC_NOPLAINTEXT;
#  endif /* 0 */
	}
	saslresult = sasl_setprop(mci->mci_conn, SASL_SEC_PROPS, &ssp);
	if (saslresult != SASL_OK)
		return EX_TEMPFAIL;

# if SASL >= 20000
	/* external security strength factor, authentication id */
	ssf = 0;
	auth_id = NULL;
#  if STARTTLS
	out = macvalue(macid("{cert_subject}"), e);
	if (out != NULL && *out != '\0')
		auth_id = out;
	out = macvalue(macid("{cipher_bits}"), e);
	if (out != NULL && *out != '\0')
		ssf = atoi(out);
#  endif /* STARTTLS */
	saslresult = sasl_setprop(mci->mci_conn, SASL_SSF_EXTERNAL, &ssf);
	if (saslresult != SASL_OK)
		return EX_TEMPFAIL;
	saslresult = sasl_setprop(mci->mci_conn, SASL_AUTH_EXTERNAL, auth_id);
	if (saslresult != SASL_OK)
		return EX_TEMPFAIL;

#  if NETINET || NETINET6
	/* set local/remote ipv4 addresses */
	if (mci->mci_out != NULL && (
#   if NETINET6
		CurHostAddr.sa.sa_family == AF_INET6 ||
#   endif /* NETINET6 */
		CurHostAddr.sa.sa_family == AF_INET))
	{
		SOCKADDR_LEN_T addrsize;
		SOCKADDR saddr_l;
		char localip[60], remoteip[60];

		switch (CurHostAddr.sa.sa_family)
		{
		  case AF_INET:
			addrsize = sizeof(struct sockaddr_in);
			break;
#   if NETINET6
		  case AF_INET6:
			addrsize = sizeof(struct sockaddr_in6);
			break;
#   endif /* NETINET6 */
		  default:
			break;
		}
		if (iptostring(&CurHostAddr, addrsize,
			       remoteip, sizeof(remoteip)))
		{
			if (sasl_setprop(mci->mci_conn, SASL_IPREMOTEPORT,
					 remoteip) != SASL_OK)
				return EX_TEMPFAIL;
		}
		addrsize = sizeof(saddr_l);
		if (getsockname(sm_io_getinfo(mci->mci_out, SM_IO_WHAT_FD,
					      NULL),
				(struct sockaddr *) &saddr_l, &addrsize) == 0)
		{
			if (iptostring(&saddr_l, addrsize,
				       localip, sizeof(localip)))
			{
				if (sasl_setprop(mci->mci_conn,
						 SASL_IPLOCALPORT,
						 localip) != SASL_OK)
					return EX_TEMPFAIL;
			}
		}
	}
#  endif /* NETINET || NETINET6 */

	/* start client side of sasl */
	saslresult = sasl_client_start(mci->mci_conn, mci->mci_saslcap,
				       &client_interact,
				       &out, &outlen,
				       (const char **) &mechusing);
# else /* SASL >= 20000 */
	/* external security strength factor, authentication id */
	ssf.ssf = 0;
	ssf.auth_id = NULL;
#  if STARTTLS
	out = macvalue(macid("{cert_subject}"), e);
	if (out != NULL && *out != '\0')
		ssf.auth_id = out;
	out = macvalue(macid("{cipher_bits}"), e);
	if (out != NULL && *out != '\0')
		ssf.ssf = atoi(out);
#  endif /* STARTTLS */
	saslresult = sasl_setprop(mci->mci_conn, SASL_SSF_EXTERNAL, &ssf);
	if (saslresult != SASL_OK)
		return EX_TEMPFAIL;

#  if NETINET
	/* set local/remote ipv4 addresses */
	if (mci->mci_out != NULL && CurHostAddr.sa.sa_family == AF_INET)
	{
		SOCKADDR_LEN_T addrsize;
		struct sockaddr_in saddr_l;

		if (sasl_setprop(mci->mci_conn, SASL_IP_REMOTE,
				 (struct sockaddr_in *) &CurHostAddr)
		    != SASL_OK)
			return EX_TEMPFAIL;
		addrsize = sizeof(struct sockaddr_in);
		if (getsockname(sm_io_getinfo(mci->mci_out, SM_IO_WHAT_FD,
					      NULL),
				(struct sockaddr *) &saddr_l, &addrsize) == 0)
		{
			if (sasl_setprop(mci->mci_conn, SASL_IP_LOCAL,
					 &saddr_l) != SASL_OK)
				return EX_TEMPFAIL;
		}
	}
#  endif /* NETINET */

	/* start client side of sasl */
	saslresult = sasl_client_start(mci->mci_conn, mci->mci_saslcap,
				       NULL, &client_interact,
				       &out, &outlen,
				       (const char **) &mechusing);
# endif /* SASL >= 20000 */

	if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
	{
		if (saslresult == SASL_NOMECH && LogLevel > 8)
		{
			sm_syslog(LOG_NOTICE, e->e_id,
				  "AUTH=client, available mechanisms do not fulfill requirements");
		}
		return EX_TEMPFAIL;
	}

	/* just point current mechanism to the data in the sasl library */
	(*sai)[SASL_MECH] = mechusing;

	/* send the info across the wire */
	if (out == NULL
		/* login and digest-md5 up to 1.5.28 set out="" */
	    || (outlen == 0 &&
		(sm_strcasecmp(mechusing, "LOGIN") == 0 ||
		 sm_strcasecmp(mechusing, "DIGEST-MD5") == 0))
	   )
	{
		/* no initial response */
		smtpmessage("AUTH %s", m, mci, mechusing);
	}
	else if (outlen == 0)
	{
		/*
		**  zero-length initial response, per RFC 2554 4.:
		**  "Unlike a zero-length client answer to a 334 reply, a zero-
		**  length initial response is sent as a single equals sign"
		*/

		smtpmessage("AUTH %s =", m, mci, mechusing);
	}
	else
	{
		saslresult = sasl_encode64(out, outlen, in64, sizeof(in64),
					   NULL);
		if (saslresult != SASL_OK) /* internal error */
		{
			if (LogLevel > 8)
				sm_syslog(LOG_ERR, e->e_id,
					"encode64 for AUTH failed");
			return EX_TEMPFAIL;
		}
		smtpmessage("AUTH %s %s", m, mci, mechusing, in64);
	}
# if SASL < 20000
	sm_sasl_free(out); /* XXX only if no rpool is used */
# endif /* SASL < 20000 */

	/* get the reply */
	smtpresult = reply(m, mci, e, TimeOuts.to_auth, getsasldata, NULL,
			XS_AUTH);

	for (;;)
	{
		/* check return code from server */
		if (smtpresult == 235)
		{
			macdefine(&mci->mci_macro, A_TEMP, macid("{auth_type}"),
				  mechusing);
			return EX_OK;
		}
		if (smtpresult == -1)
			return EX_IOERR;
		if (REPLYTYPE(smtpresult) == 5)
			return EX_NOPERM;	/* ugly, but ... */
		if (REPLYTYPE(smtpresult) != 3)
		{
			/* should we fail deliberately, see RFC 2554 4. ? */
			/* smtpmessage("*", m, mci); */
			return EX_TEMPFAIL;
		}

		saslresult = sasl_client_step(mci->mci_conn,
					      mci->mci_sasl_string,
					      mci->mci_sasl_string_len,
					      &client_interact,
					      &out, &outlen);

		if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
		{
			if (tTd(95, 5))
				sm_dprintf("AUTH FAIL=%s (%d)\n",
					sasl_errstring(saslresult, NULL, NULL),
					saslresult);

			/* fail deliberately, see RFC 2554 4. */
			smtpmessage("*", m, mci);

			/*
			**  but we should only fail for this authentication
			**  mechanism; how to do that?
			*/

			smtpresult = reply(m, mci, e, TimeOuts.to_auth,
					   getsasldata, NULL, XS_AUTH);
			return EX_NOPERM;
		}

		if (outlen > 0)
		{
			saslresult = sasl_encode64(out, outlen, in64,
						   sizeof(in64), NULL);
			if (saslresult != SASL_OK)
			{
				/* give an error reply to the other side! */
				smtpmessage("*", m, mci);
				return EX_TEMPFAIL;
			}
		}
		else
			in64[0] = '\0';
# if SASL < 20000
		sm_sasl_free(out); /* XXX only if no rpool is used */
# endif /* SASL < 20000 */
		smtpmessage("%s", m, mci, in64);
		smtpresult = reply(m, mci, e, TimeOuts.to_auth,
				   getsasldata, NULL, XS_AUTH);
	}
	/* NOTREACHED */
}
/*
**  SMTPAUTH -- try to AUTHenticate
**
**	This will try mechanisms in the order the sasl library decided until:
**	- there are no more mechanisms
**	- a mechanism succeeds
**	- the sasl library fails initializing
**
**	Parameters:
**		m -- the mailer.
**		mci -- the mailer connection info.
**		e -- the envelope.
**
**	Returns:
**		EX_OK -- authentication was successful
**		EX_UNAVAILABLE -- authentication not possible, e.g.,
**			no data available.
**		EX_NOPERM -- authentication failed.
**		EX_TEMPFAIL -- temporary failure.
**
**	Notice: AuthInfo is used for all connections, hence we must
**		return EX_TEMPFAIL only if we really want to retry, i.e.,
**		iff getauth() tempfailed or getauth() was used and
**		authentication tempfailed.
*/

int
smtpauth(m, mci, e)
	MAILER *m;
	MCI *mci;
	ENVELOPE *e;
{
	int result;
	int i;
	bool usedgetauth;

	mci->mci_sasl_auth = false;
	for (i = 0; i < SASL_MECH ; i++)
		mci->mci_sai[i] = NULL;

	result = getauth(mci, e, &(mci->mci_sai));
	if (result == EX_TEMPFAIL)
		return result;
	usedgetauth = true;

	/* no data available: don't try to authenticate */
	if (result == EX_OK && mci->mci_sai[SASL_AUTHID] == NULL)
		return result;
	if (result != EX_OK)
	{
		if (SASLInfo == NULL)
			return EX_UNAVAILABLE;

		/* read authinfo from file */
		result = readauth(SASLInfo, true, &(mci->mci_sai),
				  mci->mci_rpool);
		if (result != EX_OK)
			return result;
		usedgetauth = false;
	}

	/* check whether sufficient data is available */
	if (mci->mci_sai[SASL_PASSWORD] == NULL ||
	    *(mci->mci_sai)[SASL_PASSWORD] == '\0')
		return EX_UNAVAILABLE;
	if ((mci->mci_sai[SASL_AUTHID] == NULL ||
	     *(mci->mci_sai)[SASL_AUTHID] == '\0') &&
	    (mci->mci_sai[SASL_USER] == NULL ||
	     *(mci->mci_sai)[SASL_USER] == '\0'))
		return EX_UNAVAILABLE;

	/* set the context for the callback function to sai */
# if SASL >= 20000
	callbacks[CB_PASS_IDX].context = (void *) mci;
# else /* SASL >= 20000 */
	callbacks[CB_PASS_IDX].context = (void *) &mci->mci_sai;
# endif /* SASL >= 20000 */
	callbacks[CB_USER_IDX].context = (void *) &mci->mci_sai;
	callbacks[CB_AUTHNAME_IDX].context = (void *) &mci->mci_sai;
	callbacks[CB_GETREALM_IDX].context = (void *) &mci->mci_sai;
#if 0
	callbacks[CB_SAFESASL_IDX].context = (void *) &mci->mci_sai;
#endif /* 0 */

	/* set default value for realm */
	if ((mci->mci_sai)[SASL_DEFREALM] == NULL)
		(mci->mci_sai)[SASL_DEFREALM] = sm_rpool_strdup_x(e->e_rpool,
							macvalue('j', CurEnv));

	/* set default value for list of mechanism to use */
	if ((mci->mci_sai)[SASL_MECHLIST] == NULL ||
	    *(mci->mci_sai)[SASL_MECHLIST] == '\0')
		(mci->mci_sai)[SASL_MECHLIST] = AuthMechanisms;

	/* create list of mechanisms to try */
	mci->mci_saslcap = intersect((mci->mci_sai)[SASL_MECHLIST],
				     mci->mci_saslcap, mci->mci_rpool);

	/* initialize sasl client library */
	result = init_sasl_client();
	if (result != SASL_OK)
		return usedgetauth ? EX_TEMPFAIL : EX_UNAVAILABLE;
	do
	{
		result = attemptauth(m, mci, e, &(mci->mci_sai));
		if (result == EX_OK)
			mci->mci_sasl_auth = true;
		else if (result == EX_TEMPFAIL || result == EX_NOPERM)
		{
			mci->mci_saslcap = removemech((mci->mci_sai)[SASL_MECH],
						      mci->mci_saslcap,
						      mci->mci_rpool);
			if (mci->mci_saslcap == NULL ||
			    *(mci->mci_saslcap) == '\0')
				return usedgetauth ? result
						   : EX_UNAVAILABLE;
		}
		else
			return result;
	} while (result != EX_OK);
	return result;
}
#endif /* SASL */

/*
**  SMTPMAILFROM -- send MAIL command
**
**	Parameters:
**		m -- the mailer.
**		mci -- the mailer connection structure.
**		e -- the envelope (including the sender to specify).
*/

int
smtpmailfrom(m, mci, e)
	MAILER *m;
	MCI *mci;
	ENVELOPE *e;
{
	int r;
	char *bufp;
	char *bodytype;
	char *enhsc;
	char buf[MAXNAME + 1];
	char optbuf[MAXLINE];

	if (tTd(18, 2))
		sm_dprintf("smtpmailfrom: CurHost=%s\n", CurHostName);
	enhsc = NULL;

	/*
	**  Check if connection is gone, if so
	**  it's a tempfail and we use mci_errno
	**  for the reason.
	*/

	if (mci->mci_state == MCIS_CLOSED)
	{
		errno = mci->mci_errno;
		return EX_TEMPFAIL;
	}

	/* set up appropriate options to include */
	if (bitset(MCIF_SIZE, mci->mci_flags) && e->e_msgsize > 0)
	{
		(void) sm_snprintf(optbuf, sizeof(optbuf), " SIZE=%ld",
			e->e_msgsize);
		bufp = &optbuf[strlen(optbuf)];
	}
	else
	{
		optbuf[0] = '\0';
		bufp = optbuf;
	}

	bodytype = e->e_bodytype;
	if (bitset(MCIF_8BITMIME, mci->mci_flags))
	{
		if (bodytype == NULL &&
		    bitset(MM_MIME8BIT, MimeMode) &&
		    bitset(EF_HAS8BIT, e->e_flags) &&
		    !bitset(EF_DONT_MIME, e->e_flags) &&
		    !bitnset(M_8BITS, m->m_flags))
			bodytype = "8BITMIME";
		if (bodytype != NULL &&
		    SPACELEFT(optbuf, bufp) > strlen(bodytype) + 7)
		{
			(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
				 " BODY=%s", bodytype);
			bufp += strlen(bufp);
		}
	}
	else if (bitnset(M_8BITS, m->m_flags) ||
		 !bitset(EF_HAS8BIT, e->e_flags) ||
		 bitset(MCIF_8BITOK, mci->mci_flags))
	{
		/* EMPTY */
		/* just pass it through */
	}
#if MIME8TO7
	else if (bitset(MM_CVTMIME, MimeMode) &&
		 !bitset(EF_DONT_MIME, e->e_flags) &&
		 (!bitset(MM_PASS8BIT, MimeMode) ||
		  bitset(EF_IS_MIME, e->e_flags)))
	{
		/* must convert from 8bit MIME format to 7bit encoded */
		mci->mci_flags |= MCIF_CVT8TO7;
	}
#endif /* MIME8TO7 */
	else if (!bitset(MM_PASS8BIT, MimeMode))
	{
		/* cannot just send a 8-bit version */
		extern char MsgBuf[];

		usrerrenh("5.6.3", "%s does not support 8BITMIME", CurHostName);
		mci_setstat(mci, EX_NOTSTICKY, "5.6.3", MsgBuf);
		return EX_DATAERR;
	}

	if (bitset(MCIF_DSN, mci->mci_flags))
	{
		if (e->e_envid != NULL &&
		    SPACELEFT(optbuf, bufp) > strlen(e->e_envid) + 7)
		{
			(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
				 " ENVID=%s", e->e_envid);
			bufp += strlen(bufp);
		}

		/* RET= parameter */
		if (bitset(EF_RET_PARAM, e->e_flags) &&
		    SPACELEFT(optbuf, bufp) > 9)
		{
			(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
				 " RET=%s",
				 bitset(EF_NO_BODY_RETN, e->e_flags) ?
					"HDRS" : "FULL");
			bufp += strlen(bufp);
		}
	}

	if (bitset(MCIF_AUTH, mci->mci_flags) && e->e_auth_param != NULL &&
	    SPACELEFT(optbuf, bufp) > strlen(e->e_auth_param) + 7
#if SASL
	     && (!bitset(SASL_AUTH_AUTH, SASLOpts) || mci->mci_sasl_auth)
#endif /* SASL */
	    )
	{
		(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
			 " AUTH=%s", e->e_auth_param);
		bufp += strlen(bufp);
	}

	/*
	**  17 is the max length required, we could use log() to compute
	**  the exact length (and check IS_DLVR_TRACE())
	*/

	if (bitset(MCIF_DLVR_BY, mci->mci_flags) &&
	    IS_DLVR_BY(e) && SPACELEFT(optbuf, bufp) > 17)
	{
		long dby;

		/*
		**  Avoid problems with delays (for R) since the check
		**  in deliver() whether min-deliver-time is sufficient.
		**  Alternatively we could pass the computed time to this
		**  function.
		*/

		dby = e->e_deliver_by - (curtime() - e->e_ctime);
		if (dby <= 0 && IS_DLVR_RETURN(e))
			dby = mci->mci_min_by <= 0 ? 1 : mci->mci_min_by;
		(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
			" BY=%ld;%c%s",
			dby,
			IS_DLVR_RETURN(e) ? 'R' : 'N',
			IS_DLVR_TRACE(e) ? "T" : "");
		bufp += strlen(bufp);
	}

	/*
	**  Send the MAIL command.
	**	Designates the sender.
	*/

	mci->mci_state = MCIS_MAIL;

	if (bitset(EF_RESPONSE, e->e_flags) &&
	    !bitnset(M_NO_NULL_FROM, m->m_flags))
		buf[0] = '\0';
	else
		expand("\201g", buf, sizeof(buf), e);
	if (buf[0] == '<')
	{
		/* strip off <angle brackets> (put back on below) */
		bufp = &buf[strlen(buf) - 1];
		if (*bufp == '>')
			*bufp = '\0';
		bufp = &buf[1];
	}
	else
		bufp = buf;
	if (bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) ||
	    !bitnset(M_FROMPATH, m->m_flags))
	{
		smtpmessage("MAIL From:<%s>%s", m, mci, bufp, optbuf);
	}
	else
	{
		smtpmessage("MAIL From:<@%s%c%s>%s", m, mci, MyHostName,
			    *bufp == '@' ? ',' : ':', bufp, optbuf);
	}
	SmtpPhase = mci->mci_phase = "client MAIL";
	sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
			CurHostName, mci->mci_phase);
	r = reply(m, mci, e, TimeOuts.to_mail, NULL, &enhsc, XS_DEFAULT);
	if (r < 0)
	{
		/* communications failure */
		mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
		return EX_TEMPFAIL;
	}
	else if (r == SMTPCLOSING)
	{
		/* service shutting down: handled by reply() */
		return EX_TEMPFAIL;
	}
	else if (REPLYTYPE(r) == 4)
	{
		mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, smtptodsn(r)),
			    SmtpReplyBuffer);
		return EX_TEMPFAIL;
	}
	else if (REPLYTYPE(r) == 2)
	{
		return EX_OK;
	}
	else if (r == 501)
	{
		/* syntax error in arguments */
		mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.5.2"),
			    SmtpReplyBuffer);
		return EX_DATAERR;
	}
	else if (r == 553)
	{
		/* mailbox name not allowed */
		mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.1.3"),
			    SmtpReplyBuffer);
		return EX_DATAERR;
	}
	else if (r == 552)
	{
		/* exceeded storage allocation */
		mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.3.4"),
			    SmtpReplyBuffer);
		if (bitset(MCIF_SIZE, mci->mci_flags))
			e->e_flags |= EF_NO_BODY_RETN;
		return EX_UNAVAILABLE;
	}
	else if (REPLYTYPE(r) == 5)
	{
		/* unknown error */
		mci_setstat(mci, EX_NOTSTICKY, ENHSCN(enhsc, "5.0.0"),
			    SmtpReplyBuffer);
		return EX_UNAVAILABLE;
	}

	if (LogLevel > 1)
	{
		sm_syslog(LOG_CRIT, e->e_id,
			  "%.100s: SMTP MAIL protocol error: %s",
			  CurHostName,
			  shortenstring(SmtpReplyBuffer, 403));
	}

	/* protocol error -- close up */
	mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
		    SmtpReplyBuffer);
	smtpquit(m, mci, e);
	return EX_PROTOCOL;
}
/*
**  SMTPRCPT -- designate recipient.
**
**	Parameters:
**		to -- address of recipient.
**		m -- the mailer we are sending to.
**		mci -- the connection info for this transaction.
**		e -- the envelope for this transaction.
**
**	Returns:
**		exit status corresponding to recipient status.
**
**	Side Effects:
**		Sends the mail via SMTP.
*/

int
smtprcpt(to, m, mci, e, ctladdr, xstart)
	ADDRESS *to;
	register MAILER *m;
	MCI *mci;
	ENVELOPE *e;
	ADDRESS *ctladdr;
	time_t xstart;
{
	char *bufp;
	char optbuf[MAXLINE];

#if PIPELINING
	/*
	**  If there is status waiting from the other end, read it.
	**  This should normally happen because of SMTP pipelining.
	*/

	while (mci->mci_nextaddr != NULL &&
	       sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL) > 0)
	{
		int r;

		r = smtprcptstat(mci->mci_nextaddr, m, mci, e);
		if (r != EX_OK)
		{
			markfailure(e, mci->mci_nextaddr, mci, r, false);
			giveresponse(r, mci->mci_nextaddr->q_status,  m, mci,
				     ctladdr, xstart, e, to);
		}
		mci->mci_nextaddr = mci->mci_nextaddr->q_pchain;
	}
#endif /* PIPELINING */

	/*
	**  Check if connection is gone, if so
	**  it's a tempfail and we use mci_errno
	**  for the reason.
	*/

	if (mci->mci_state == MCIS_CLOSED)
	{
		errno = mci->mci_errno;
		return EX_TEMPFAIL;
	}

	optbuf[0] = '\0';
	bufp = optbuf;

	/*
	**  Warning: in the following it is assumed that the free space
	**  in bufp is sizeof(optbuf)
	*/

	if (bitset(MCIF_DSN, mci->mci_flags))
	{
		if (IS_DLVR_NOTIFY(e) &&
		    !bitset(MCIF_DLVR_BY, mci->mci_flags))
		{
			/* RFC 2852: 4.1.4.2 */
			if (!bitset(QHASNOTIFY, to->q_flags))
				to->q_flags |= QPINGONFAILURE|QPINGONDELAY|QHASNOTIFY;
			else if (bitset(QPINGONSUCCESS, to->q_flags) ||
				 bitset(QPINGONFAILURE, to->q_flags) ||
				 bitset(QPINGONDELAY, to->q_flags))
				to->q_flags |= QPINGONDELAY;
		}

		/* NOTIFY= parameter */
		if (bitset(QHASNOTIFY, to->q_flags) &&
		    bitset(QPRIMARY, to->q_flags) &&
		    !bitnset(M_LOCALMAILER, m->m_flags))
		{
			bool firstone = true;

			(void) sm_strlcat(bufp, " NOTIFY=", sizeof(optbuf));
			if (bitset(QPINGONSUCCESS, to->q_flags))
			{
				(void) sm_strlcat(bufp, "SUCCESS", sizeof(optbuf));
				firstone = false;
			}
			if (bitset(QPINGONFAILURE, to->q_flags))
			{
				if (!firstone)
					(void) sm_strlcat(bufp, ",",
						       sizeof(optbuf));
				(void) sm_strlcat(bufp, "FAILURE", sizeof(optbuf));
				firstone = false;
			}
			if (bitset(QPINGONDELAY, to->q_flags))
			{
				if (!firstone)
					(void) sm_strlcat(bufp, ",",
						       sizeof(optbuf));
				(void) sm_strlcat(bufp, "DELAY", sizeof(optbuf));
				firstone = false;
			}
			if (firstone)
				(void) sm_strlcat(bufp, "NEVER", sizeof(optbuf));
			bufp += strlen(bufp);
		}

		/* ORCPT= parameter */
		if (to->q_orcpt != NULL &&
		    SPACELEFT(optbuf, bufp) > strlen(to->q_orcpt) + 7)
		{
			(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
				 " ORCPT=%s", to->q_orcpt);
			bufp += strlen(bufp);
		}
	}

	smtpmessage("RCPT To:<%s>%s", m, mci, to->q_user, optbuf);
	mci->mci_state = MCIS_RCPT;

	SmtpPhase = mci->mci_phase = "client RCPT";
	sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
			CurHostName, mci->mci_phase);

#if PIPELINING
	/*
	**  If running SMTP pipelining, we will pick up status later
	*/

	if (bitset(MCIF_PIPELINED, mci->mci_flags))
		return EX_OK;
#endif /* PIPELINING */

	return smtprcptstat(to, m, mci, e);
}
/*
**  SMTPRCPTSTAT -- get recipient status
**
**	This is only called during SMTP pipelining
**
**	Parameters:
**		to -- address of recipient.
**		m -- mailer being sent to.
**		mci -- the mailer connection information.
**		e -- the envelope for this message.
**
**	Returns:
**		EX_* -- protocol status
*/

static int
smtprcptstat(to, m, mci, e)
	ADDRESS *to;
	MAILER *m;
	register MCI *mci;
	register ENVELOPE *e;
{
	int r;
	int save_errno;
	char *enhsc;

	/*
	**  Check if connection is gone, if so
	**  it's a tempfail and we use mci_errno
	**  for the reason.
	*/

	if (mci->mci_state == MCIS_CLOSED)
	{
		errno = mci->mci_errno;
		return EX_TEMPFAIL;
	}

	enhsc = NULL;
	r = reply(m, mci, e, TimeOuts.to_rcpt, NULL, &enhsc, XS_DEFAULT);
	save_errno = errno;
	to->q_rstatus = sm_rpool_strdup_x(e->e_rpool, SmtpReplyBuffer);
	to->q_status = ENHSCN_RPOOL(enhsc, smtptodsn(r), e->e_rpool);
	if (!bitnset(M_LMTP, m->m_flags))
		to->q_statmta = mci->mci_host;
	if (r < 0 || REPLYTYPE(r) == 4)
	{
		mci->mci_retryrcpt = true;
		errno = save_errno;
		return EX_TEMPFAIL;
	}
	else if (REPLYTYPE(r) == 2)
	{
		char *t;

		if ((t = mci->mci_tolist) != NULL)
		{
			char *p;

			*t++ = ',';
			for (p = to->q_paddr; *p != '\0'; *t++ = *p++)
				continue;
			*t = '\0';
			mci->mci_tolist = t;
		}
#if PIPELINING
		mci->mci_okrcpts++;
#endif /* PIPELINING */
		return EX_OK;
	}
	else if (r == 550)
	{
		to->q_status = ENHSCN_RPOOL(enhsc, "5.1.1", e->e_rpool);
		return EX_NOUSER;
	}
	else if (r == 551)
	{
		to->q_status = ENHSCN_RPOOL(enhsc, "5.1.6", e->e_rpool);
		return EX_NOUSER;
	}
	else if (r == 553)
	{
		to->q_status = ENHSCN_RPOOL(enhsc, "5.1.3", e->e_rpool);
		return EX_NOUSER;
	}
	else if (REPLYTYPE(r) == 5)
	{
		return EX_UNAVAILABLE;
	}

	if (LogLevel > 1)
	{
		sm_syslog(LOG_CRIT, e->e_id,
			  "%.100s: SMTP RCPT protocol error: %s",
			  CurHostName,
			  shortenstring(SmtpReplyBuffer, 403));
	}

	mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
		    SmtpReplyBuffer);
	return EX_PROTOCOL;
}
/*
**  SMTPDATA -- send the data and clean up the transaction.
**
**	Parameters:
**		m -- mailer being sent to.
**		mci -- the mailer connection information.
**		e -- the envelope for this message.
**
**	Returns:
**		exit status corresponding to DATA command.
*/

int
smtpdata(m, mci, e, ctladdr, xstart)
	MAILER *m;
	register MCI *mci;
	register ENVELOPE *e;
	ADDRESS *ctladdr;
	time_t xstart;
{
	register int r;
	int rstat;
	int xstat;
	int timeout;
	char *enhsc;

	/*
	**  Check if connection is gone, if so
	**  it's a tempfail and we use mci_errno
	**  for the reason.
	*/

	if (mci->mci_state == MCIS_CLOSED)
	{
		errno = mci->mci_errno;
		return EX_TEMPFAIL;
	}

	enhsc = NULL;

	/*
	**  Send the data.
	**	First send the command and check that it is ok.
	**	Then send the data (if there are valid recipients).
	**	Follow it up with a dot to terminate.
	**	Finally get the results of the transaction.
	*/

	/* send the command and check ok to proceed */
	smtpmessage("DATA", m, mci);

#if PIPELINING
	if (mci->mci_nextaddr != NULL)
	{
		char *oldto = e->e_to;

		/* pick up any pending RCPT responses for SMTP pipelining */
		while (mci->mci_nextaddr != NULL)
		{
			int r;

			e->e_to = mci->mci_nextaddr->q_paddr;
			r = smtprcptstat(mci->mci_nextaddr, m, mci, e);
			if (r != EX_OK)
			{
				markfailure(e, mci->mci_nextaddr, mci, r,
					    false);
				giveresponse(r, mci->mci_nextaddr->q_status, m,
					     mci, ctladdr, xstart, e,
					     mci->mci_nextaddr);
				if (r == EX_TEMPFAIL)
					mci->mci_nextaddr->q_state = QS_RETRY;
			}
			mci->mci_nextaddr = mci->mci_nextaddr->q_pchain;
		}
		e->e_to = oldto;

		/*
		**  Connection might be closed in response to a RCPT command,
		**  i.e., the server responded with 421. In that case (at
		**  least) one RCPT has a temporary failure, hence we don't
		**  need to check mci_okrcpts (as it is done below) to figure
		**  out which error to return.
		*/

		if (mci->mci_state == MCIS_CLOSED)
		{
			errno = mci->mci_errno;
			return EX_TEMPFAIL;
		}
	}
#endif /* PIPELINING */

	/* now proceed with DATA phase */
	SmtpPhase = mci->mci_phase = "client DATA 354";
	mci->mci_state = MCIS_DATA;
	sm_setproctitle(true, e, "%s %s: %s",
			qid_printname(e), CurHostName, mci->mci_phase);
	r = reply(m, mci, e, TimeOuts.to_datainit, NULL, &enhsc, XS_DEFAULT);
	if (r < 0 || REPLYTYPE(r) == 4)
	{
		if (r >= 0)
			smtpquit(m, mci, e);
		errno = mci->mci_errno;
		return EX_TEMPFAIL;
	}
	else if (REPLYTYPE(r) == 5)
	{
		smtprset(m, mci, e);
#if PIPELINING
		if (mci->mci_okrcpts <= 0)
			return mci->mci_retryrcpt ? EX_TEMPFAIL
						  : EX_UNAVAILABLE;
#endif /* PIPELINING */
		return EX_UNAVAILABLE;
	}
	else if (REPLYTYPE(r) != 3)
	{
		if (LogLevel > 1)
		{
			sm_syslog(LOG_CRIT, e->e_id,
				  "%.100s: SMTP DATA-1 protocol error: %s",
				  CurHostName,
				  shortenstring(SmtpReplyBuffer, 403));
		}
		smtprset(m, mci, e);
		mci_setstat(mci, EX_PROTOCOL, ENHSCN(enhsc, "5.5.1"),
			    SmtpReplyBuffer);
#if PIPELINING
		if (mci->mci_okrcpts <= 0)
			return mci->mci_retryrcpt ? EX_TEMPFAIL
						  : EX_PROTOCOL;
#endif /* PIPELINING */
		return EX_PROTOCOL;
	}

#if PIPELINING
	if (mci->mci_okrcpts > 0)
	{
#endif /* PIPELINING */

	/*
	**  Set timeout around data writes.  Make it at least large
	**  enough for DNS timeouts on all recipients plus some fudge
	**  factor.  The main thing is that it should not be infinite.
	*/

	if (tTd(18, 101))
	{
		/* simulate a DATA timeout */
		timeout = 10;
	}
	else
		timeout = DATA_PROGRESS_TIMEOUT * 1000;
	sm_io_setinfo(mci->mci_out, SM_IO_WHAT_TIMEOUT, &timeout);


	/*
	**  Output the actual message.
	*/

	if (!(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER))
		goto writeerr;

	if (tTd(18, 101))
	{
		/* simulate a DATA timeout */
		(void) sleep(2);
	}

	if (!(*e->e_putbody)(mci, e, NULL))
		goto writeerr;

	/*
	**  Cleanup after sending message.
	*/


#if PIPELINING
	}
#endif /* PIPELINING */

#if _FFR_CATCH_BROKEN_MTAS
	if (sm_io_getinfo(mci->mci_in, SM_IO_IS_READABLE, NULL) > 0)
	{
		/* terminate the message */
		(void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s",
				     m->m_eol);
		if (TrafficLogFile != NULL)
			(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
					     "%05d >>> .\n", (int) CurrentPid);
		if (Verbose)
			nmessage(">>> .");

		sm_syslog(LOG_CRIT, e->e_id,
			  "%.100s: SMTP DATA-1 protocol error: remote server returned response before final dot",
			  CurHostName);
		mci->mci_errno = EIO;
		mci->mci_state = MCIS_ERROR;
		mci_setstat(mci, EX_PROTOCOL, "5.5.0", NULL);
		smtpquit(m, mci, e);
		return EX_PROTOCOL;
	}
#endif /* _FFR_CATCH_BROKEN_MTAS */

	if (sm_io_error(mci->mci_out))
	{
		/* error during processing -- don't send the dot */
		mci->mci_errno = EIO;
		mci->mci_state = MCIS_ERROR;
		mci_setstat(mci, EX_IOERR, "4.4.2", NULL);
		smtpquit(m, mci, e);
		return EX_IOERR;
	}

	/* terminate the message */
	if (sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, "%s.%s",
			bitset(MCIF_INLONGLINE, mci->mci_flags) ? m->m_eol : "",
			m->m_eol) == SM_IO_EOF)
		goto writeerr;
	if (TrafficLogFile != NULL)
		(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
				     "%05d >>> .\n", (int) CurrentPid);
	if (Verbose)
		nmessage(">>> .");

	/* check for the results of the transaction */
	SmtpPhase = mci->mci_phase = "client DATA status";
	sm_setproctitle(true, e, "%s %s: %s", qid_printname(e),
			CurHostName, mci->mci_phase);
	if (bitnset(M_LMTP, m->m_flags))
		return EX_OK;
	r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DEFAULT);
	if (r < 0)
		return EX_TEMPFAIL;
	if (mci->mci_state == MCIS_DATA)
		mci->mci_state = MCIS_OPEN;
	xstat = EX_NOTSTICKY;
	if (r == 452)
		rstat = EX_TEMPFAIL;
	else if (REPLYTYPE(r) == 4)
		rstat = xstat = EX_TEMPFAIL;
	else if (REPLYTYPE(r) == 2)
		rstat = xstat = EX_OK;
	else if (REPLYCLASS(r) != 5)
		rstat = xstat = EX_PROTOCOL;
	else if (REPLYTYPE(r) == 5)
		rstat = EX_UNAVAILABLE;
	else
		rstat = EX_PROTOCOL;
	mci_setstat(mci, xstat, ENHSCN(enhsc, smtptodsn(r)),
		    SmtpReplyBuffer);
	if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
	    (r = isenhsc(SmtpReplyBuffer + 4, ' ')) > 0)
		r += 5;
	else
		r = 4;
	e->e_statmsg = sm_rpool_strdup_x(e->e_rpool, &SmtpReplyBuffer[r]);
	SmtpPhase = mci->mci_phase = "idle";
	sm_setproctitle(true, e, "%s: %s", CurHostName, mci->mci_phase);
	if (rstat != EX_PROTOCOL)
		return rstat;
	if (LogLevel > 1)
	{
		sm_syslog(LOG_CRIT, e->e_id,
			  "%.100s: SMTP DATA-2 protocol error: %s",
			  CurHostName,
			  shortenstring(SmtpReplyBuffer, 403));
	}
	return rstat;

  writeerr:
	mci->mci_errno = errno;
	mci->mci_state = MCIS_ERROR;
	mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);

	/*
	**  If putbody() couldn't finish due to a timeout,
	**  rewind it here in the timeout handler.  See
	**  comments at the end of putbody() for reasoning.
	*/

	if (e->e_dfp != NULL)
		(void) bfrewind(e->e_dfp);

	errno = mci->mci_errno;
	syserr("451 4.4.1 timeout writing message to %s", CurHostName);
	smtpquit(m, mci, e);
	return EX_TEMPFAIL;
}

/*
**  SMTPGETSTAT -- get status code from DATA in LMTP
**
**	Parameters:
**		m -- the mailer to which we are sending the message.
**		mci -- the mailer connection structure.
**		e -- the current envelope.
**
**	Returns:
**		The exit status corresponding to the reply code.
*/

int
smtpgetstat(m, mci, e)
	MAILER *m;
	MCI *mci;
	ENVELOPE *e;
{
	int r;
	int off;
	int status, xstat;
	char *enhsc;

	enhsc = NULL;

	/* check for the results of the transaction */
	r = reply(m, mci, e, TimeOuts.to_datafinal, NULL, &enhsc, XS_DEFAULT);
	if (r < 0)
		return EX_TEMPFAIL;
	xstat = EX_NOTSTICKY;
	if (REPLYTYPE(r) == 4)
		status = EX_TEMPFAIL;
	else if (REPLYTYPE(r) == 2)
		status = xstat = EX_OK;
	else if (REPLYCLASS(r) != 5)
		status = xstat = EX_PROTOCOL;
	else if (REPLYTYPE(r) == 5)
		status = EX_UNAVAILABLE;
	else
		status = EX_PROTOCOL;
	if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
	    (off = isenhsc(SmtpReplyBuffer + 4, ' ')) > 0)
		off += 5;
	else
		off = 4;
	e->e_statmsg = sm_rpool_strdup_x(e->e_rpool, &SmtpReplyBuffer[off]);
	mci_setstat(mci, xstat, ENHSCN(enhsc, smtptodsn(r)), SmtpReplyBuffer);
	if (LogLevel > 1 && status == EX_PROTOCOL)
	{
		sm_syslog(LOG_CRIT, e->e_id,
			  "%.100s: SMTP DATA-3 protocol error: %s",
			  CurHostName,
			  shortenstring(SmtpReplyBuffer, 403));
	}
	return status;
}
/*
**  SMTPQUIT -- close the SMTP connection.
**
**	Parameters:
**		m -- a pointer to the mailer.
**		mci -- the mailer connection information.
**		e -- the current envelope.
**
**	Returns:
**		none.
**
**	Side Effects:
**		sends the final protocol and closes the connection.
*/

void
smtpquit(m, mci, e)
	register MAILER *m;
	register MCI *mci;
	ENVELOPE *e;
{
	bool oldSuprErrs = SuprErrs;
	int rcode;
	char *oldcurhost;

	if (mci->mci_state == MCIS_CLOSED)
	{
		mci_close(mci, "smtpquit:1");
		return;
	}

	oldcurhost = CurHostName;
	CurHostName = mci->mci_host;		/* XXX UGLY XXX */
	if (CurHostName == NULL)
		CurHostName = MyHostName;

#if PIPELINING
	mci->mci_okrcpts = 0;
#endif /* PIPELINING */

	/*
	**	Suppress errors here -- we may be processing a different
	**	job when we do the quit connection, and we don't want the
	**	new job to be penalized for something that isn't it's
	**	problem.
	*/

	SuprErrs = true;

	/* send the quit message if we haven't gotten I/O error */
	if (mci->mci_state != MCIS_ERROR &&
	    mci->mci_state != MCIS_QUITING)
	{
		SmtpPhase = "client QUIT";
		mci->mci_state = MCIS_QUITING;
		smtpmessage("QUIT", m, mci);
		(void) reply(m, mci, e, TimeOuts.to_quit, NULL, NULL,
				XS_DEFAULT);
		SuprErrs = oldSuprErrs;
		if (mci->mci_state == MCIS_CLOSED)
			goto end;
	}

	/* now actually close the connection and pick up the zombie */
	rcode = endmailer(mci, e, NULL);
	if (rcode != EX_OK)
	{
		char *mailer = NULL;

		if (mci->mci_mailer != NULL &&
		    mci->mci_mailer->m_name != NULL)
			mailer = mci->mci_mailer->m_name;

		/* look for naughty mailers */
		sm_syslog(LOG_ERR, e->e_id,
			  "smtpquit: mailer%s%s exited with exit value %d",
			  mailer == NULL ? "" : " ",
			  mailer == NULL ? "" : mailer,
			  rcode);
	}

	SuprErrs = oldSuprErrs;

  end:
	CurHostName = oldcurhost;
	return;
}
/*
**  SMTPRSET -- send a RSET (reset) command
**
**	Parameters:
**		m -- a pointer to the mailer.
**		mci -- the mailer connection information.
**		e -- the current envelope.
**
**	Returns:
**		none.
**
**	Side Effects:
**		closes the connection if there is no reply to RSET.
*/

void
smtprset(m, mci, e)
	register MAILER *m;
	register MCI *mci;
	ENVELOPE *e;
{
	int r;

	CurHostName = mci->mci_host;		/* XXX UGLY XXX */
	if (CurHostName == NULL)
		CurHostName = MyHostName;

#if PIPELINING
	mci->mci_okrcpts = 0;
#endif /* PIPELINING */

	/*
	**  Check if connection is gone, if so
	**  it's a tempfail and we use mci_errno
	**  for the reason.
	*/

	if (mci->mci_state == MCIS_CLOSED)
	{
		errno = mci->mci_errno;
		return;
	}

	SmtpPhase = "client RSET";
	smtpmessage("RSET", m, mci);
	r = reply(m, mci, e, TimeOuts.to_rset, NULL, NULL, XS_DEFAULT);
	if (r < 0)
		return;

	/*
	**  Any response is deemed to be acceptable.
	**  The standard does not state the proper action
	**  to take when a value other than 250 is received.
	**
	**  However, if 421 is returned for the RSET, leave
	**  mci_state alone (MCIS_SSD can be set in reply()
	**  and MCIS_CLOSED can be set in smtpquit() if
	**  reply() gets a 421 and calls smtpquit()).
	*/

	if (mci->mci_state != MCIS_SSD && mci->mci_state != MCIS_CLOSED)
		mci->mci_state = MCIS_OPEN;
	else if (mci->mci_exitstat == EX_OK)
		mci_setstat(mci, EX_TEMPFAIL, "4.5.0", NULL);
}
/*
**  SMTPPROBE -- check the connection state
**
**	Parameters:
**		mci -- the mailer connection information.
**
**	Returns:
**		none.
**
**	Side Effects:
**		closes the connection if there is no reply to RSET.
*/

int
smtpprobe(mci)
	register MCI *mci;
{
	int r;
	MAILER *m = mci->mci_mailer;
	ENVELOPE *e;
	extern ENVELOPE BlankEnvelope;

	CurHostName = mci->mci_host;		/* XXX UGLY XXX */
	if (CurHostName == NULL)
		CurHostName = MyHostName;

	e = &BlankEnvelope;
	SmtpPhase = "client probe";
	smtpmessage("RSET", m, mci);
	r = reply(m, mci, e, TimeOuts.to_miscshort, NULL, NULL, XS_DEFAULT);
	if (REPLYTYPE(r) != 2)
		smtpquit(m, mci, e);
	return r;
}
/*
**  REPLY -- read arpanet reply
**
**	Parameters:
**		m -- the mailer we are reading the reply from.
**		mci -- the mailer connection info structure.
**		e -- the current envelope.
**		timeout -- the timeout for reads.
**		pfunc -- processing function called on each line of response.
**			If null, no special processing is done.
**		enhstat -- optional, returns enhanced error code string (if set)
**		rtype -- type of SmtpMsgBuffer: does it contains secret data?
**
**	Returns:
**		reply code it reads.
**
**	Side Effects:
**		flushes the mail file.
*/

int
reply(m, mci, e, timeout, pfunc, enhstat, rtype)
	MAILER *m;
	MCI *mci;
	ENVELOPE *e;
	time_t timeout;
	void (*pfunc) __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
	char **enhstat;
	int rtype;
{
	register char *bufp;
	register int r;
	bool firstline = true;
	char junkbuf[MAXLINE];
	static char enhstatcode[ENHSCLEN];
	int save_errno;

	/*
	**  Flush the output before reading response.
	**
	**	For SMTP pipelining, it would be better if we didn't do
	**	this if there was already data waiting to be read.  But
	**	to do it properly means pushing it to the I/O library,
	**	since it really needs to be done below the buffer layer.
	*/

	if (mci->mci_out != NULL)
		(void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);

	if (tTd(18, 1))
		sm_dprintf("reply\n");

	/*
	**  Read the input line, being careful not to hang.
	*/

	bufp = SmtpReplyBuffer;
	set_tls_rd_tmo(timeout);
	for (;;)
	{
		register char *p;

		/* actually do the read */
		if (e->e_xfp != NULL)	/* for debugging */
			(void) sm_io_flush(e->e_xfp, SM_TIME_DEFAULT);

		/* if we are in the process of closing just give the code */
		if (mci->mci_state == MCIS_CLOSED)
			return SMTPCLOSING;

		/* don't try to read from a non-existent fd */
		if (mci->mci_in == NULL)
		{
			if (mci->mci_errno == 0)
				mci->mci_errno = EBADF;

			/* errors on QUIT should be ignored */
			if (strncmp(SmtpMsgBuffer, "QUIT", 4) == 0)
			{
				errno = mci->mci_errno;
				mci_close(mci, "reply:1");
				return -1;
			}
			mci->mci_state = MCIS_ERROR;
			smtpquit(m, mci, e);
			errno = mci->mci_errno;
			return -1;
		}

		if (mci->mci_out != NULL)
			(void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);

		/* get the line from the other side */
		p = sfgets(bufp, MAXLINE, mci->mci_in, timeout, SmtpPhase);
		save_errno = errno;
		mci->mci_lastuse = curtime();

		if (p == NULL)
		{
			bool oldholderrs;
			extern char MsgBuf[];

			/* errors on QUIT should be ignored */
			if (strncmp(SmtpMsgBuffer, "QUIT", 4) == 0)
			{
				mci_close(mci, "reply:2");
				return -1;
			}

			/* if the remote end closed early, fake an error */
			errno = save_errno;
			if (errno == 0)
			{
				(void) sm_snprintf(SmtpReplyBuffer,
						   sizeof(SmtpReplyBuffer),
						   "421 4.4.1 Connection reset by %s",
						   CURHOSTNAME);
#ifdef ECONNRESET
				errno = ECONNRESET;
#else /* ECONNRESET */
				errno = EPIPE;
#endif /* ECONNRESET */
			}

			mci->mci_errno = errno;
			oldholderrs = HoldErrs;
			HoldErrs = true;
			usrerr("451 4.4.1 reply: read error from %s",
			       CURHOSTNAME);
			mci_setstat(mci, EX_TEMPFAIL, "4.4.2", MsgBuf);

			/* if debugging, pause so we can see state */
			if (tTd(18, 100))
				(void) pause();
			mci->mci_state = MCIS_ERROR;
			smtpquit(m, mci, e);
#if XDEBUG
			{
				char wbuf[MAXLINE];

				p = wbuf;
				if (e->e_to != NULL)
				{
					(void) sm_snprintf(p,
							   SPACELEFT(wbuf, p),
							   "%s... ",
							   shortenstring(e->e_to, MAXSHORTSTR));
					p += strlen(p);
				}
				(void) sm_snprintf(p, SPACELEFT(wbuf, p),
						   "reply(%.100s) during %s",
						   CURHOSTNAME, SmtpPhase);
				checkfd012(wbuf);
			}
#endif /* XDEBUG */
			HoldErrs = oldholderrs;
			errno = save_errno;
			return -1;
		}
		fixcrlf(bufp, true);

		/* EHLO failure is not a real error */
		if (e->e_xfp != NULL && (bufp[0] == '4' ||
		    (bufp[0] == '5' && strncmp(SmtpMsgBuffer, "EHLO", 4) != 0)))
		{
			/* serious error -- log the previous command */
			if (SmtpNeedIntro)
			{
				/* inform user who we are chatting with */
				(void) sm_io_fprintf(CurEnv->e_xfp,
						     SM_TIME_DEFAULT,
						     "... while talking to %s:\n",
						     CURHOSTNAME);
				SmtpNeedIntro = false;
			}
			if (SmtpMsgBuffer[0] != '\0')
			{
				(void) sm_io_fprintf(e->e_xfp,
					SM_TIME_DEFAULT,
					">>> %s\n",
					(rtype == XS_STARTTLS)
					? "STARTTLS dialogue"
					: ((rtype == XS_AUTH)
					   ? "AUTH dialogue"
					   : SmtpMsgBuffer));
				SmtpMsgBuffer[0] = '\0';
			}

			/* now log the message as from the other side */
			(void) sm_io_fprintf(e->e_xfp, SM_TIME_DEFAULT,
					     "<<< %s\n", bufp);
		}

		/* display the input for verbose mode */
		if (Verbose)
			nmessage("050 %s", bufp);

		/* ignore improperly formatted input */
		if (!ISSMTPREPLY(bufp))
			continue;

		if (bitset(MCIF_ENHSTAT, mci->mci_flags) &&
		    enhstat != NULL &&
		    extenhsc(bufp + 4, ' ', enhstatcode) > 0)
			*enhstat = enhstatcode;

		/* process the line */
		if (pfunc != NULL)
			(*pfunc)(bufp, firstline, m, mci, e);

		firstline = false;

		/* decode the reply code */
		r = atoi(bufp);

		/* extra semantics: 0xx codes are "informational" */
		if (r < 100)
			continue;

		/* if no continuation lines, return this line */
		if (bufp[3] != '-')
			break;

		/* first line of real reply -- ignore rest */
		bufp = junkbuf;
	}

	/*
	**  Now look at SmtpReplyBuffer -- only care about the first
	**  line of the response from here on out.
	*/

	/* save temporary failure messages for posterity */
	if (SmtpReplyBuffer[0] == '4')
		(void) sm_strlcpy(SmtpError, SmtpReplyBuffer, sizeof(SmtpError));

	/* reply code 421 is "Service Shutting Down" */
	if (r == SMTPCLOSING && mci->mci_state != MCIS_SSD &&
	    mci->mci_state != MCIS_QUITING)
	{
		/* send the quit protocol */
		mci->mci_state = MCIS_SSD;
		smtpquit(m, mci, e);
	}

	return r;
}
/*
**  SMTPMESSAGE -- send message to server
**
**	Parameters:
**		f -- format
**		m -- the mailer to control formatting.
**		a, b, c -- parameters
**
**	Returns:
**		none.
**
**	Side Effects:
**		writes message to mci->mci_out.
*/

/*VARARGS1*/
void
#ifdef __STDC__
smtpmessage(char *f, MAILER *m, MCI *mci, ...)
#else /* __STDC__ */
smtpmessage(f, m, mci, va_alist)
	char *f;
	MAILER *m;
	MCI *mci;
	va_dcl
#endif /* __STDC__ */
{
	SM_VA_LOCAL_DECL

	SM_VA_START(ap, mci);
	(void) sm_vsnprintf(SmtpMsgBuffer, sizeof(SmtpMsgBuffer), f, ap);
	SM_VA_END(ap);

	if (tTd(18, 1) || Verbose)
		nmessage(">>> %s", SmtpMsgBuffer);
	if (TrafficLogFile != NULL)
		(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
				     "%05d >>> %s\n", (int) CurrentPid,
				     SmtpMsgBuffer);
	if (mci->mci_out != NULL)
	{
		(void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, "%s%s",
				     SmtpMsgBuffer, m == NULL ? "\r\n"
							      : m->m_eol);
	}
	else if (tTd(18, 1))
	{
		sm_dprintf("smtpmessage: NULL mci_out\n");
	}
}